Mobile Security Framework (MobSF) Security Update Advisory (CVE-2024-43399)

Overview

An update has been released to address vulnerabilities in Mobile Security Framework (MobSF). Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-43399

  • MobSF versions: up to and including 4.0.6

Resolved Vulnerabilities

The safeguards against Zip Slip attacks applied when extracting files with the .a extension were improperly implemented, allowing an attacker to extract files to a location of their choosing on the server running MobSF (CVE-2024-43399).
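
The containment check that a Zip Slip defense depends on, as an added example (not MobSF's code and not part of the original advisory): each archive member name is resolved against the extraction directory and rejected if it would land outside it. The function names, the weak check shown for contrast and the sample member names are all constructed for illustration.

```python
import os
import tempfile

# Constructed member names, as they might appear in an archive's file table.
SAMPLE_MEMBERS = [
    "libfoo.o",
    "sub/obj.o",
    "../../outside.o",      # relative traversal
    "sub/../../outside.o",  # traversal hidden behind a valid prefix
    "/abs/outside.o",       # absolute path: os.path.join drops the base
    "..\\..\\outside.o",    # Windows-style separators
]


def naive_is_safe(member_name):
    """Weak check shown for contrast: only looks for a leading '../'."""
    return not member_name.startswith("../")


def safe_member_path(dest_dir, member_name):
    """Return the resolved write path for a member, or raise ValueError
    if it would land outside dest_dir."""
    if not member_name or "\x00" in member_name:
        raise ValueError("empty or NUL-containing member name")
    # Treat backslashes as separators so '..\\' cannot slip through.
    name = member_name.replace("\\", "/")
    base = os.path.realpath(dest_dir)
    # realpath collapses '..' and follows symlinks already on disk.
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("member escapes extraction dir: %r" % member_name)
    return target


def audit_members(dest_dir, member_names):
    """Classify names into (accepted, rejected) without writing any file."""
    accepted, rejected = [], []
    for name in member_names:
        try:
            safe_member_path(dest_dir, name)
            accepted.append(name)
        except ValueError:
            rejected.append(name)
    return accepted, rejected


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        ok, bad = audit_members(dest, SAMPLE_MEMBERS)
        print("accepted:", ok)
        print("rejected:", bad)
        print("naive check would accept:", [n for n in bad if naive_is_safe(n)])
```

The same check can be run over the member list of an uploaded archive before extraction begins, so that a single rejected name fails the whole upload.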

Vulnerability Patches

The following patched version has been made available in the latest update. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-43399

  • MobSF Version: 4.0.7

Referenced Sites

[1] CVE-2024-43399 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-43399

[2] Zip Slip Vulnerability in .a Static Library Files

https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j